From 49e2f9d5518595dc29d786b80fc87b7c6b5c877b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Daniel=20Marjam=C3=A4ki?= Date: Mon, 25 Mar 2019 15:29:23 +0100 Subject: [PATCH] Fixed #9063 (Crash on invalid code: x='0' ++ '0' ( return)[ ];) --- lib/tokenize.cpp | 6 ++++++ test/testgarbage.cpp | 1 + 2 files changed, 7 insertions(+) diff --git a/lib/tokenize.cpp b/lib/tokenize.cpp index d5a02c03c..0d11f48a0 100644 --- a/lib/tokenize.cpp +++ b/lib/tokenize.cpp @@ -8508,6 +8508,12 @@ void Tokenizer::findGarbageCode() const unknownMacroError(tok->linkAt(1)->previous()); } + // Assign/increment/decrement literal + for (const Token *tok = tokens(); tok; tok = tok->next()) { + if (Token::Match(tok,"%num%|%str%|%char% %assign%|++|--")) + syntaxError(tok); + } + for (const Token *tok = tokens(); tok; tok = tok->next()) { if (Token::Match(tok, "if|while|for|switch")) { // if|while|for|switch (EXPR) { ... } if (tok->previous() && !Token::Match(tok->previous(), "%name%|:|;|{|}|(|)|,")) diff --git a/test/testgarbage.cpp b/test/testgarbage.cpp index ae2f2743d..4ba896d05 100644 --- a/test/testgarbage.cpp +++ b/test/testgarbage.cpp @@ -1654,6 +1654,7 @@ private: void syntaxErrorFuzzerCliType1() { ASSERT_THROW(checkCode("void f(){x=0,return return''[]()}"), InternalError); + ASSERT_THROW(checkCode("void f(){x='0'++'0'(return)[];}"), InternalError); // #9063 } void enumTrailingComma() {